From 16d7b35bae20d27e99b4fddb81736f33e0b6673e Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 24 Nov 2008 12:42:59 +0000
Subject: [PATCH] Added SQL Injection prevention

The hash does not work with most email clients, needs more testing
---
 www/index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/www/index.php b/www/index.php
index d215a48..3295115 100644
--- a/www/index.php
+++ b/www/index.php
@@ -117,7 +117,7 @@
 $_SESSION['_config']['errmsg'] = sprintf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
 } else {
 $query = "update `users` set `password`=sha1('".$_SESSION['lostpw']['pw1']."')
- where `id`='".$_SESSION['lostpw']['user']['id']."'";
+ where `id`='".intval($_SESSION['lostpw']['user']['id'])."'";
 mysql_query($query) || die(mysql_error());
 showheader(_("Welcome to CAcert.org"));
 echo _("Your Pass Phrase has been updated and your primary email account has been notified of the change.");
@@ -538,7 +538,7 @@
 mysql_query($query);
 $body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
- $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash&lang=".$_SESSION['_config']['language']."\n\n";
+ $body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n"; //."&"."lang=".$_SESSION['_config']['language']."\n\n";
 $body .= _("Best regards")."\n"._("CAcert.org Support!");
 sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
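Review bot: Wrapping the id in `intval()` on the changed `where` line closes only half of this query; the passphrase `$_SESSION['lostpw']['pw1']` on the context line directly above is still concatenated unescaped into the `sha1('...')` literal, so the statement remains injectable through that value. Escape it for the active connection, `sha1('".mysql_real_escape_string($_SESSION['lostpw']['pw1'])."')`, or compute the hash in PHP and interpolate only the fixed hex result. The unchanged `mysql_query($query) || die(mysql_error());` on the following line also returns the raw database error to the browser; logging it server-side and showing a generic failure message would be the safer pattern when this code is next touched. The enclosing `else` block continues past the end of the hunk.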
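Review bot: The added `$body .=` line carries the removed `&lang=` parameter along as a trailing commented-out fragment, `//."&"."lang=".$_SESSION['_config']['language']."\n\n";`, which is dead code with no indication of why it was disabled; the reason is only in the commit message. Either delete the fragment or replace it with a marker that records the reason, e.g. `// TODO: lang parameter dropped, verify link breaks in most email clients; restore once tested`. Separately, `$emailid` and `$hash` are interpolated into the URL without `urlencode()`; if `$hash` is plain hex this is harmless, but encoding both values would keep the link intact should the hash format change. The block this line sits in starts and ends outside the hunk.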